The main web page isn't the issue. If you look at the URL that started this:
http://cdoctor.com/wp-includes/td06fnuu.php
it's possible that the main web page for
cdoctor.com is just fine. However, the vandal managed to create a bogus page on the site that vectors off to russia.
So the real question is if you have any bogus pages on your web site that aren't yours. If you have seen any of the phishing messages, look at the URLs they are referring to. Alternatively, look at your access log for unusual web pages that are returning results.
If either of these prove to show you have a problem, the first thing to do is to delete the offending page. The second thing to do is to make sure any software on the web site is current. The one above is a Word Press site. The last thing to do, if possible, is to understand how the vandal got into your site to change content in the first place, though updating the software may have closed the door.
Trying to figure out how a web site was defaced can be difficult. However, unless you close the door, the web site will be defaced using the same technique in the future.
Dave Regan